vulnerability
Oracle Linux: CVE-2023-5455: ELSA-2024-0141: ipa security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Jan 10, 2024 | Jan 11, 2024 | Jan 8, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Jan 10, 2024
Added
Jan 11, 2024
Modified
Jan 8, 2025
Description
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.
Solution(s)
oracle-linux-upgrade-bind-dyndb-ldaporacle-linux-upgrade-custodiaoracle-linux-upgrade-ipa-clientoracle-linux-upgrade-ipa-client-commonoracle-linux-upgrade-ipa-client-epnoracle-linux-upgrade-ipa-client-sambaoracle-linux-upgrade-ipa-commonoracle-linux-upgrade-ipa-healthcheckoracle-linux-upgrade-ipa-healthcheck-coreoracle-linux-upgrade-ipa-python-compatoracle-linux-upgrade-ipa-selinuxoracle-linux-upgrade-ipa-serveroracle-linux-upgrade-ipa-server-commonoracle-linux-upgrade-ipa-server-dnsoracle-linux-upgrade-ipa-server-trust-adoracle-linux-upgrade-opendnssecoracle-linux-upgrade-python2-ipaclientoracle-linux-upgrade-python2-ipaliboracle-linux-upgrade-python2-ipaserveroracle-linux-upgrade-python3-custodiaoracle-linux-upgrade-python3-ipaclientoracle-linux-upgrade-python3-ipaliboracle-linux-upgrade-python3-ipaserveroracle-linux-upgrade-python3-ipatestsoracle-linux-upgrade-python3-jwcryptooracle-linux-upgrade-python3-kdcproxyoracle-linux-upgrade-python3-pyusboracle-linux-upgrade-python3-qrcodeoracle-linux-upgrade-python3-qrcode-coreoracle-linux-upgrade-python3-yubicooracle-linux-upgrade-slapi-nisoracle-linux-upgrade-softhsmoracle-linux-upgrade-softhsm-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.